We are trying to execute a REST API call (particulary GET) using CFHTTP tag as below :
<cfhttpparam type="header" name="accept-encoding" value="*" />
<cfhttpparam type="header" name="TE" value="deflate;q=0" />
The URL "https://reqres.in/api/users/2 " is a public url and it responds with below content :
When CFHTTP tag is being used, I consistently see below error on my webpage :
Above issue persists, even after installing the certificate from "reqres.in" into cacerts of JAVA_HOME.
Can you please help me here?
Environment Details are :
Cold Fusion 8
Windows 7 Enterprise 64 Bit
The problem is clearly about CF doing a CFHTTP to an https url. This is a very common problem, when the server you're calling has changed to limit what SSL/TLS protocols it will support. (So it may not have to do with certificates.)
So first, what version of CF are you using? and what CF update level? And most important, what Java version are you running? All these are shown in the CF Admin "settings summary" page.
If this is not running Java 8, that's likely the problem. And whether you can update your CF to run on Java 8 depends on the CF version and its update level (as discussed in many places elsewhere).
Similarly, if you need to update the JVM that CF users, that's discussed in many places elsewhere.
Finally, if the problem WAS about certificates, then first you don't clarify if the java_home you refer to is CF's. That's important. Because if the problem is indeed a need to import certs, it's critical to do that to the cacerts of the JVM that CF is pointing to.
You are right. I was using an old Java Version, Java 6.
I will upgrade it to Java 8 and try it out!!
Thanks for all the support!!
This is almost certainly a TLS problem of one sort or another. Many sites require a minimum of TLS 1.1. HTTPS APIs often require TLS 1.2, since they're not directly visited by users. You may need to upgrade the version of Java you're using, and CF 8 might not even support the version you're using. Finally, you might have to add custom parameters to jvm.config to have CF use the settings you need. There have been a bunch of blog posts about this sort of thing, search on "coldfusion 8 tls 1.2" and see what pops up.
You will also have to add the server's certificate chain to your cacerts file. If you search on "coldfusion cacerts" you'll find lots of entries about how to do that.
Dave Watts, Eidolon LLC
I just ran an SSLLabs check of the reqres.in API endpoint. The test reveals that the server requires SNI support which Java 6 does not appear to support (assuming you're using the stock Java 6 that came with CF 8).